Warnings against downloading malware are set to be included in future versions …

Share this story

Google already warns users of its search engine if the page they're about to click on is likely to be malware. The company also has an API, the Safe Browsing API, to allow Web browsers to check if a URL is bad or not. This API is already used by Chrome, Firefox, and Safari.

Google has just announced that it's going to take this protection even further in its Chrome browser and apply it to executable downloads. Click a link that downloads a program Google's Safe Browsing API regards as hostile and you'll see a warning, along with an option to cancel the download.

Initially, malicious Windows programs will be the target. Such programs are unfortunately commonplace and generally depend on social engineering tricks—rather than outright security flaws—to lure users into installing them, with fake video codecs and bogus anti-virus software both being popular approaches.

A similar security system, designed for a similar purpose, was included in Internet Explorer 9. In that system, each download has a reputation attached to it, which is determined by the number of other people downloading a particular file. Try to download a file with a bad reputation and the browser will warn you that there's a chance it's malicious. This builds on top of the SmartScreen URL verification found in Internet Explorer 8 that offers equivalent functionality to the Safe Browsing API (though Microsoft claims that SmartScreen is far more effective).

The new Chrome feature will initially be available in the development version of the browser, and the company hopes to have it ready in time for the next stable release.